WHAT IS CLAIMED IS: 

1. A process of controlling a flow of data in a wireless network providing 
wireless access to the wireless network by wireless devices, said process comprising: 

receiving data from a wireless device by a network device, through one access 
point of a plurality of access points in communication with the network device, 
indicating a client identifier for the wireless device;

forwarding the client identifier to an authentication server;

mediating authentication of the wireless device with the authentication server;

evaluating data packets received from portions of the wireless network and from
the plurality of access points; and

passing the received data packets to portions of the wireless network and to the
plurality of access points, based on the evaluation of the received data packets;

wherein the network device periodically polls for a status of the wireless device 
from the access point, and 

wherein the access points and the network device exchange information relating 
to configuration, status, and client session statuses of the access points through a
messaging protocol. 

2. A process as recited in claim 1, wherein said step of evaluating data packets 
comprises filtering of the received data packets, such that filtered data packets can be 
dropped to limit an effectiveness of a denial of service attack.

3. A process as recited in claim 1, wherein said step of mediating authentication
of the wireless device comprises restricting access to the wireless network by the 
wireless device based on a category of user determined from the client identifier. 

4. A process as recited in claim 3, wherein said step of restricting access to the 
wireless network is based on a type of device to which the wireless device belongs. 

5. A process as recited in claim 1, wherein said step of mediating authentication 
of the wireless device comprises restricting access to the wireless network by the 
wireless device based on an hour and a day of the week in which the data was received 
from the wireless device. 

6. A process as recited in claim 5, wherein said step of restricting access to the 
wireless network is based on at least one of a type of device to which the wireless device 
belongs and on a category of user determined from the client identifier. 

7. A process as recited in claim 1, wherein said step of mediating authentication 
of the wireless device comprises restricting access to the wireless network by the 
wireless device based on a physical location of the one access point of a plurality of 
access points. 

8. A process as recited in claim 1, wherein said step of mediating authentication 
of the wireless device comprises restricting access to the wireless network by the
wireless device based on a type of an application, running on the wireless device, 
seeking network access for the wireless device. 

9. A process as recited in claim 1, wherein said step of passing the received data 
packets comprises forwarding updates to software and configurations of the plurality of 
access points to the plurality of access points from a single site on the wireless network 
through a single update. 

10. A process as recited in claim 1, wherein coverage areas for at least two of the 
plurality of access points overlap and the process further comprises: 

monitoring usage by wireless devices of the at least two of the plurality of access 
points; and 

prompting the at least two of the plurality of access points to change the usage by
the wireless devices such that a load carried by the at least two of the plurality of access
points is approximately balanced. 

11. A process as recited in claim 10, wherein load carried by the at least two of
the plurality of access points is determined by at least one of a number of wireless 
devices using the at least two of the plurality of access points, a number of packets 
transmitted and received by the at least two of the plurality of access points and an
average bandwidth carried by the at least two of the plurality of access points.

12. A process as recited in claim 10, wherein load carried by the at least two of
the plurality of access points is determined by at least one of priorities of packets 
recently transmitted and received by the at least two of the plurality of access points, a 
type of application running on the wireless devices and communicating with the at least
two of the plurality of access points and a signal strength provided to the wireless
devices provided by the at least two of the plurality of access points. 

13. A process as recited in claim 1, wherein said step of passing the received 
data packets comprises maintaining a priority indicated by the data packets and tagging 
the data packets with a priority tag to be evaluated by the access points. 

14. A process as recited in claim 1, wherein said step of passing the received 
data packets comprises establishing a prioritization policy based on filtering of the data 
packets and tagging the data packets with a priority tag to be evaluated by the access 
points based on the established prioritization policy. 

15. A process as recited in claim 1, further comprising establishing a bandwidth 
usage policy for the wireless devices and instructing the plurality of access points to 
follow the established bandwidth usage policy. 

16. A process as recited in claim 1, further comprising: 

receiving a re-association request from a transferring wireless device through a
new access point of the plurality of access points, where the transferring wireless device
was previously associated with an old access point of the plurality of access points;

providing session information for the transferring wireless device to the new
access point; and

updating a routing table with a routing location of the transferring wireless
device.

17. A process as recited in claim 16, further comprising encapsulating received 
data packets with Internet protocol information associated with the new access point 
and updating routing information in a local routing table. 

18. A process as recited in claim 1, further comprising: 

receiving a re-association request from a transferring wireless device through a 
new access point of the plurality of access points, where the transferring wireless device 
was previously associated with an alternate access point in communication with the 
wireless network through an alternate network device; 

sending a request for configuration information for the transferring wireless 
device from the alternate network device; and 

forwarding access point configuration data, determined from the configuration 
information for the transferring wireless device received from the alternate network 
device, to the new access point.

19. A process as recited in claim 1, wherein the wireless device is a wireless
internet protocol phone, the client identifier is call setup data and said step of passing 
the received data packets comprises passing voice over internet protocol data packets to 
portions of the wireless network and to the plurality of access points, based on the 
evaluation of the received voice over internet protocol data packets. 

20. A process as recited in claim 19, wherein said step of mediating 
authentication of the wireless device with the authentication server comprises: 

sending a call connected signal received from an Internet protocol phone 
gateway to the one access point; and 

mediating a negotiation of network resources between the Internet protocol 
phone gateway and the wireless Internet protocol phone. 

21. A network device for controlling a flow of data in a wireless network 
providing wireless access to the wireless network by wireless devices, said network 
device comprising: 

receiving means for receiving data from a wireless device by the network device, 
through one access point of a plurality of access points in communication with the 
network device, indicating a client identifier for the wireless device; 

forwarding means for forwarding the client identifier to an authentication server; 

mediating means for mediating authentication of the wireless device with the 
authentication server;

evaluating means for evaluating data packets received from portions of the
wireless network and from the plurality of access points; and

passing means for passing the received data packets to portions of the wireless 
network and to the plurality of access points, based on the evaluation of the received 
data packets; 

wherein the network device is configured to periodically poll for a status of the
wireless device from the access point, and

wherein the access points and the network device exchange information relating 
to configuration, status, and client session statuses of the access points through a 
messaging protocol. 

22. A network device as recited in claim 21, wherein said evaluating means 
comprises filtering means for filtering the received data packets, such that filtered data 
packets can be dropped to limit an effectiveness of a denial of service attack. 

23. A network device as recited in claim 21, wherein said mediating means 
comprises restricting means for restricting access to the wireless network by the 
wireless device based on a category of user determined from the client identifier. 

24. A network device as recited in claim 23, wherein said restricting means is 
configured to restrict access based on a type of device to which the wireless device 
belongs.

25. A network device as recited in claim 21, wherein said mediating means
comprises restricting means for restricting access to the wireless network by the 
wireless device based on an hour and a day of the week in which the data was received 
from the wireless device. 

26. A network device as recited in claim 25, wherein said restricting means is 
configured to restrict access based on at least one of a type of device to which the 
wireless device belongs and on a category of user determined from the client identifier. 

27. A network device as recited in claim 21, wherein said mediating means 
comprises restricting means for restricting access to the wireless network by the 
wireless device based on a physical location of the one access point of a plurality of 
access points. 

28. A network device as recited in claim 21, wherein said mediating means 
comprises restricting means for restricting access to the wireless network by the 
wireless device based on a type of an application, running on the wireless device, 
seeking network access for the wireless device. 

29. A network device as recited in claim 21, wherein said passing means 
comprises forwarding means for forwarding updates to software and configurations of 
the plurality of access points to the plurality of access points from a single site on the 
wireless network through a single update.

30. A network device as recited in claim 21, wherein coverage areas for at least 
two of the plurality of access points overlap and the network device further comprises: 

monitoring means for monitoring usage by wireless devices of the at least two of 
the plurality of access points; and

prompting means for prompting the at least two of the plurality of access points
to change the usage by the wireless devices such that a load carried by the at least two of
the plurality of access points is approximately balanced. 

31. A network device as recited in claim 30, wherein load carried by the at least 
two of the plurality of access points is determined by at least one of a number of 
wireless devices using the at least two of the plurality of access points, a number of 
packets transmitted and received by the at least two of the plurality of access points and
an average bandwidth carried by the at least two of the plurality of access points.

32. A network device as recited in claim 30, wherein load carried by the at least 
two of the plurality of access points is determined by at least one of priorities of packets 
recently transmitted and received by the at least two of the plurality of access points, a 
type of application running on the wireless devices and communicating with the at least
two of the plurality of access points and a signal strength provided to the wireless
devices provided by the at least two of the plurality of access points.

33. A network device as recited in claim 21, wherein said passing means
comprises maintaining means for maintaining a priority indicated by the data packets 
and tagging the data packets with a priority tag to be evaluated by the access points. 

34. A network device as recited in claim 21, wherein said passing means 
comprises establishing means for establishing a prioritization policy based on filtering 
of the data packets and tagging the data packets with a priority tag to be evaluated by the 
access points based on the established prioritization policy. 

35. A network device as recited in claim 21, further comprising establishing 
means for establishing a bandwidth usage policy for the wireless devices and 
instructing the plurality of access points to follow the established bandwidth usage 
policy. 

36. A network device as recited in claim 21, further comprising: 

second receiving means for receiving a re-association request from a transferring 
wireless device through a new access point of the plurality of access points, where the 
transferring wireless device was previously associated with an old access point of the 
plurality of access points; 

providing means for providing session information for the transferring wireless 
device to the new access point; and 

updating means for updating a routing table with a routing location of the 
transferring wireless device.

37. A network device as recited in claim 36, further comprising encapsulating 
means for encapsulating received data packets with Internet protocol information 
associated with the new access point and updating routing information in a local routing 
table. 

38. A network device as recited in claim 21, further comprising: 

second receiving means for receiving a re-association request from a transferring 
wireless device through a new access point of the plurality of access points, where the 
transferring wireless device was previously associated with an alternate access point in 
communication with the wireless network through an alternate network device;

sending means for sending a request for configuration information for the 
transferring wireless device from the alternate network device; and 

second forwarding means for forwarding access point configuration data, 
determined from the configuration information for the transferring wireless device 
received from the alternate network device, to the new access point.

39. A network device as recited in claim 21, wherein the wireless device is a 
wireless internet protocol phone, the client identifier is call setup data and said step of 
passing the received data packets comprises passing voice over internet protocol data 
packets to portions of the wireless network and to the plurality of access points, based 
on the evaluation of the received voice over internet protocol data packets.

40. A network device as recited in claim 39, wherein said mediating means 
comprises: 

sending means for sending a call connected signal received from an Internet 
protocol phone gateway to the one access point; and 

second mediating means for mediating a negotiation of network resources 
between the Internet protocol phone gateway and the wireless Internet protocol phone. 